Compare commits
10 Commits
310fea89ae
...
6c7265d1d3
Author | SHA1 | Date | |
---|---|---|---|
|
6c7265d1d3 | ||
|
b17a5f352d | ||
|
db17b87cb8 | ||
|
f667f50f84 | ||
|
8346065c6f | ||
|
ab48b1e01f | ||
|
eb547bf1bf | ||
|
9d16e1d42e | ||
|
0e86dac2ac | ||
|
edfdb203a0 |
@ -1,4 +1,5 @@
|
||||
os_flavor: "freebsd"
|
||||
custom_repo: 13amd64-default-framework
|
||||
zfs_snapshot_datasets:
|
||||
- zroot/freebsd/release/be/default
|
||||
sshd_enabled: true
|
||||
|
@ -5,49 +5,49 @@
|
||||
- sudo
|
||||
- doas
|
||||
- users
|
||||
# - package_manager
|
||||
# - zfs
|
||||
# - zrepl
|
||||
# - zsh
|
||||
# - network
|
||||
# - sshd
|
||||
# - base
|
||||
# - firewall
|
||||
# - cpu
|
||||
# - ntp
|
||||
# - nvme
|
||||
# - hosts
|
||||
# - build
|
||||
# - sound
|
||||
# - graphics
|
||||
# - gpg
|
||||
# - fonts
|
||||
# - alacritty
|
||||
# - sway
|
||||
# - emacs
|
||||
# - firefox
|
||||
# - devfs
|
||||
# - ssh_client
|
||||
# - sshfs
|
||||
# - jail
|
||||
# - fuse
|
||||
# - autofs
|
||||
# - exfat
|
||||
# - bhyve
|
||||
# - bluetooth
|
||||
# - media
|
||||
# - kubernetes
|
||||
# - google_cloud_sdk
|
||||
# - ansible
|
||||
# - wireguard
|
||||
# - portshaker
|
||||
# - poudriere
|
||||
# - android
|
||||
# - latex
|
||||
# - pyenv
|
||||
# - webcam
|
||||
# - docker
|
||||
# - vscode
|
||||
- package_manager
|
||||
- zfs
|
||||
- zrepl
|
||||
- zsh
|
||||
- network
|
||||
- sshd
|
||||
- base
|
||||
- firewall
|
||||
- cpu
|
||||
- ntp
|
||||
- nvme
|
||||
- hosts
|
||||
- build
|
||||
- sound
|
||||
- graphics
|
||||
- gpg
|
||||
- fonts
|
||||
- alacritty
|
||||
- sway
|
||||
- emacs
|
||||
- firefox
|
||||
- devfs
|
||||
- ssh_client
|
||||
- sshfs
|
||||
- jail
|
||||
- fuse
|
||||
- autofs
|
||||
- exfat
|
||||
- bhyve
|
||||
- bluetooth
|
||||
- media
|
||||
- kubernetes
|
||||
- google_cloud_sdk
|
||||
- ansible
|
||||
- wireguard
|
||||
- portshaker
|
||||
- poudriere
|
||||
- android
|
||||
- latex
|
||||
- pyenv
|
||||
- webcam
|
||||
- docker
|
||||
- vscode
|
||||
- javascript
|
||||
|
||||
- hosts: nat_dhcp:homeserver_nat_dhcp:mrmanager_nat_dhcp
|
||||
|
@ -68,7 +68,7 @@ IP_RANGE="$IP_RANGE"
|
||||
BRIDGE_NAME="$BRIDGE_NAME"
|
||||
INTERFACE_NAME="$INTERFACE_NAME"
|
||||
EOF
|
||||
zfs create -s "-V${gigabytes}G" -o volmode=dev "$zfs_path/disk0"
|
||||
zfs create -s "-V${gigabytes}G" -o volmode=dev -o primarycache=metadata -o secondarycache=none "$zfs_path/disk0"
|
||||
}
|
||||
|
||||
function start_vm {
|
||||
|
@ -30,9 +30,9 @@ rdr pass on jail_nat inet proto tcp from $jail_nat_v4 to $not_jail_nat_v4 port 6
|
||||
# nat pass on $not_ext_if proto {tcp, udp} from $not_jail_nat_v4 to 10.215.1.210 port 65099 -> (jail_nat)
|
||||
# nat pass on $not_ext_if proto {tcp, udp} from $jail_nat_v4 to 10.215.1.210 port 65099 -> (lagg0)
|
||||
|
||||
rdr pass inet proto {tcp, udp} from any to ($ext_if) port 53 -> 10.215.1.211 port 53
|
||||
nat pass on jail_nat proto {tcp, udp} from { 10.215.1.0/24, !10.215.1.1 } to 10.215.1.211 -> (jail_nat)
|
||||
|
||||
rdr pass proto {tcp, udp} from $not_jail_nat_v4 to ($ext_if) port 53 -> 10.215.1.211 port 53
|
||||
rdr pass proto {tcp, udp} from $jail_nat_v4 to ($ext_if) port 53 tag REDIRINTERNAL -> 10.215.1.211 port 53
|
||||
nat pass proto {tcp, udp} tagged REDIRINTERNAL -> (jail_nat)
|
||||
|
||||
# filtering
|
||||
block log all
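Review bot: The `rdr ... port 53` rules and the `nat pass ... tagged REDIRINTERNAL` rule all carry the `pass` modifier, so the translated DNS traffic skips the filter rules and the `block log all` below never evaluates it. If `$not_jail_nat_v4` (defined outside this hunk) matches arbitrary external sources, port 53 on `($ext_if)` is forwarded to 10.215.1.211 for anyone, which matters if that host answers recursive queries. Consider dropping `pass` from the rdr rules and admitting the traffic with an explicit filter rule such as `pass in quick proto {tcp, udp} from <allowed_dns_clients> to 10.215.1.211 port 53`, where `<allowed_dns_clients>` is a placeholder for a table you define. A short comment above the `tag REDIRINTERNAL` pair explaining that it handles jail clients reaching the resolver through the external address would also help the next reader.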
|
||||
|
@ -20,7 +20,7 @@ function main {
|
||||
function start_jail {
|
||||
host_interface_name="$1"
|
||||
bridge_name="bridge_${host_interface_name}"
|
||||
jail_interface_name="$2"
|
||||
jail_interface_name=$(sanitize_interface_name "$2")
|
||||
ip_range="$3"
|
||||
|
||||
assert_bridge "$host_interface_name" "$bridge_name" "$ip_range"
|
||||
@ -36,7 +36,7 @@ EOF
|
||||
function stop_jail {
|
||||
host_interface_name="$1"
|
||||
bridge_name="bridge_${host_interface_name}"
|
||||
jail_interface_name="$2"
|
||||
jail_interface_name=$(sanitize_interface_name "$2")
|
||||
|
||||
if ng_exists "${jail_interface_name}:"; then
|
||||
wait_for_interface_to_exist "${jail_interface_name}" 120
|
||||
@ -117,4 +117,8 @@ function wait_for_interface_to_exist {
|
||||
done
|
||||
}
|
||||
|
||||
function sanitize_interface_name {
|
||||
echo "${1:0:15}"
|
||||
}
|
||||
|
||||
main "${@}"
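Review bot: `sanitize_interface_name` only truncates its argument to 15 characters, so two jail interface names that share their first 15 characters map to the same name, and in `stop_jail` the `ng_exists "${jail_interface_name}:"` check could then act on a node that belongs to another jail. Nothing in the visible lines rejects an empty name or characters that are not valid in an interface name, so the function name promises more than it does. I would add a header comment such as `# Truncate to 15 characters; does not validate characters or uniqueness` and write the body as `printf '%s\n' "${1:0:15}"`, so a name beginning with `-n` or `-e` is not consumed by `echo`. The bodies of `start_jail` and `stop_jail` continue outside the hunks.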
|
||||
|
@ -1,6 +1,6 @@
|
||||
# - name: Install packages
|
||||
# pacman:
|
||||
# name:
|
||||
# - foo
|
||||
# state: present
|
||||
# update_cache: true
|
||||
- name: Start ntp service
|
||||
systemd:
|
||||
state: started
|
||||
name: systemd-timesyncd
|
||||
daemon_reload: yes
|
||||
enabled: yes
|
||||
|
@ -0,0 +1,3 @@
|
||||
FreeBSD: {
|
||||
enabled: no
|
||||
}
|
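--- a/ansible/roles/package_manager/files/poudriere.pub
+++ b/ansible/roles/package_manager/files/poudriere.pub
@@ -0,0 +1,14 @@
+-----BEGIN PUBLIC KEY-----
+MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAv/0Hh9ace1/nH+QnlPPx
+XFbSAcp1soEypMuSGgEc+ZNXIkQT11rkzXkTI5vyYIgVYLEE4iMTzXCGhMkb8M1Y
+zsXRB8l4+Dimcrtqj/+Fvsk+WVeadXwugZ3LWOIb6V7hLMyGxvbouZHC9gduMaLh
+xGoBup3kgOxSuVXVAlCGBZgmdGNmbpZNYl6BcJtK8bnlxFOmBPQsompSzLzIAItO
+7r0Rf3xXFOwaCpB1QkFMBGrIDSXkhpXTl1/k5LU2kpM81Ec4EvZwXQJuj3+J3q+n
+tMeTY2ARb3e4vBaieTww7obfHqLgx6jyL07gl/pW8WXrx4aLGvMkdpVnTFg0K0X1
+3xoZKGWJdjSznHFtJo+IICLPGMbOxz52lwXDCrRV2yCUMH29hQiCIK9j5q4q1JAD
+rV4p5ccabfzUduc4yT9kx0+hAXLxVs5mtIianDnJAEBE4yXucWbM6FaE+jYaN9L3
+dXU6vESTdS6+o8Tz/lo/a0MLyj99URvAxKFsYKg4PnbUcSs+qFuUI0yMpcNIMImy
++7gY54t3Izma5pCS7WXtl38SdM8d/gfl/d5xD88BYWIS82gCXoh9G37PFxzCZaNx
+OKclQq1dZ1mXLDD2yHymDCLBXqfEfTBp4tb5A8JBRKBeqkDCOYZNmp+06VzgdPiO
+PYwdK2INLfUnBKGN02hgPosCAwEAAQ==
+-----END PUBLIC KEY-----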
|
@ -16,6 +16,18 @@
|
||||
state: present
|
||||
|
||||
- name: Install Configuration
|
||||
copy:
|
||||
src: "files/{{ item.src }}"
|
||||
dest: "{{ item.dest }}"
|
||||
mode: 0644
|
||||
owner: root
|
||||
group: wheel
|
||||
loop:
|
||||
- src: pkg.conf
|
||||
dest: /usr/local/etc/pkg.conf
|
||||
|
||||
- name: Install Configuration
|
||||
when: custom_repo is not defined
|
||||
register: changed_config
|
||||
copy:
|
||||
src: "files/{{ item.src }}"
|
||||
@ -26,8 +38,32 @@
|
||||
loop:
|
||||
- src: FreeBSD.conf
|
||||
dest: /usr/local/etc/pkg/repos/FreeBSD.conf
|
||||
- src: pkg.conf
|
||||
dest: /usr/local/etc/pkg.conf
|
||||
|
||||
- name: Install Configuration
|
||||
when: custom_repo is defined
|
||||
copy:
|
||||
src: "files/{{ item.src }}"
|
||||
dest: "{{ item.dest }}"
|
||||
mode: 0644
|
||||
owner: root
|
||||
group: wheel
|
||||
loop:
|
||||
- src: disable_freebsd_upstream.conf
|
||||
dest: /usr/local/etc/pkg/repos/FreeBSD.conf
|
||||
- src: poudriere.pub
|
||||
dest: /usr/local/etc/pkg/poudriere.pub
|
||||
|
||||
- name: Install Configuration
|
||||
when: custom_repo is defined
|
||||
register: changed_config
|
||||
template:
|
||||
src: "{{ item.src }}"
|
||||
dest: "{{ item.dest }}"
|
||||
owner: root
|
||||
group: wheel
|
||||
mode: 0644
|
||||
loop:
|
||||
- { src: custom.conf.j2, dest: /usr/local/etc/pkg/repos/custom.conf }
|
||||
|
||||
# - name: Replace all packages with packages from new repo
|
||||
# command: pkg upgrade -f -y
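Review bot: `register: changed_config` now sits on two tasks with opposite `when:` conditions, and Ansible registers a result even for a skipped task, so when `custom_repo` is not defined the later, skipped template task overwrites the result of the `FreeBSD.conf` copy and `changed_config.changed` reads false. Whatever consumes `changed_config` is outside the visible hunks, so confirm it still fires; registering under distinct names (for example `changed_upstream_config` and `changed_custom_config`) and testing both avoids the overwrite. The copy task that installs `disable_freebsd_upstream.conf` and `poudriere.pub` registers nothing, so replacing the repository signing key would not trigger that consumer either. All four tasks are named `Install Configuration`; distinct names would make the play output and any `--start-at-task` use unambiguous.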
|
||||
|
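--- a/ansible/roles/package_manager/templates/custom.conf.j2
+++ b/ansible/roles/package_manager/templates/custom.conf.j2
@@ -0,0 +1,8 @@
+custom: {
+# url: "file:///opt/pkgrepo/packages/current-default-framework"
+url: "https://freebsdpkg.fizz.buzz/repo/{{ custom_repo }}",
+enabled: yes,
+signature_type: "pubkey",
+pubkey: "/usr/local/etc/pkg/poudriere.pub",
+priority: 100
+}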
|
@ -5,26 +5,59 @@ set -euo pipefail
|
||||
IFS=$'\n\t'
|
||||
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
|
||||
|
||||
: ${LOCKFILE:="/var/run/poudboot.lock"}
|
||||
: ${INFO_DIR:="/opt/poudriere/run_info"}
|
||||
: ${PORT_UPDATE_SECONDS:="86400"}
|
||||
: ${BUILD_SECONDS:="7200"}
|
||||
|
||||
############## Setup #########################
|
||||
|
||||
# function cleanup {
|
||||
# for f in "${folders[@]}"; do
|
||||
# log "Deleting $f"
|
||||
# rm -rf "$f"
|
||||
# done
|
||||
# }
|
||||
# folders=()
|
||||
# for sig in EXIT INT QUIT HUP TERM; do
|
||||
# trap "set +e; cleanup" "$sig"
|
||||
# done
|
||||
|
||||
function die {
|
||||
local status_code="$1"
|
||||
shift
|
||||
(>&2 echo "${@}")
|
||||
exit "$status_code"
|
||||
}
|
||||
|
||||
function log {
|
||||
(>&2 echo "${@}")
|
||||
}
|
||||
|
||||
function run_locked {
|
||||
if [ "${RUN_LOCKED:-}" != "RUN" ]; then
|
||||
exec env RUN_LOCKED=RUN flock --nonblock $LOCKFILE $0 $@
|
||||
fi
|
||||
|
||||
}
|
||||
|
||||
############## Program #########################
|
||||
|
||||
function main {
|
||||
COMMAND="$1"
|
||||
shift 1
|
||||
local COMMAND="$1"
|
||||
|
||||
if [ "$COMMAND" = "start" ]; then
|
||||
run_locked "${@}"
|
||||
shift 1
|
||||
cmd_start "${@}"
|
||||
elif [ "$COMMAND" = "stop" ]; then
|
||||
shift 1
|
||||
cmd_stop "${@}"
|
||||
else
|
||||
die 1 "Unrecognized command: $COMMAND"
|
||||
fi
|
||||
}
|
||||
|
||||
function die {
|
||||
exit_code="$1"
|
||||
shift 1
|
||||
(>&2 echo "${@}")
|
||||
exit "$exit_code"
|
||||
}
|
||||
|
||||
function abort_if_jobs_running {
|
||||
if [[ $(sudo poudriere status) != *"No running builds"* ]]; then
|
||||
echo "There is already a poudriere build in progress, exiting."
|
||||
@ -40,30 +73,47 @@ function build {
|
||||
function cmd_start {
|
||||
abort_if_jobs_running
|
||||
|
||||
# Allow command failures without quitting the script because some
|
||||
# package sets might fail whereas others may succeed based on which
|
||||
# packages are in each set.
|
||||
set +e
|
||||
while true; do
|
||||
for conf in /opt/poudriere/build_configs/*; do
|
||||
(
|
||||
# Allow command failures without quitting the script because some
|
||||
# package sets might fail whereas others may succeed based on which
|
||||
# packages are in each set.
|
||||
set +e
|
||||
|
||||
for conf in /opt/poudriere/build_configs/*; do
|
||||
(
|
||||
source "$conf"
|
||||
build -j "$JAIL" -p "$PORTS" -z "$SET" -f /usr/local/etc/poudriere.d/$JAIL-$PORTS-$SET-pkglist
|
||||
)
|
||||
source "$conf"
|
||||
local RUN_DIR="$INFO_DIR/$JAIL-$PORTS-$SET"
|
||||
local TIMES_FILE="$RUN_DIR/times"
|
||||
mkdir -p "$RUN_DIR"
|
||||
local PORTUPDATE=0
|
||||
local LASTBUILD=0
|
||||
if [ -e "$TIMES_FILE" ]; then
|
||||
source "$TIMES_FILE"
|
||||
fi
|
||||
local now=$(date +%s)
|
||||
if [ $((now - PORTUPDATE)) -gt "$PORT_UPDATE_SECONDS" ]; then
|
||||
log "Updating ports for $JAIL-$PORTS-$SET"
|
||||
portshaker -U
|
||||
portshaker -M
|
||||
PORTUPDATE=$(date +%s)
|
||||
fi
|
||||
if [ $((now - LASTBUILD)) -gt "$BUILD_SECONDS" ]; then
|
||||
log "Building ports for $JAIL-$PORTS-$SET"
|
||||
build -j "$JAIL" -p "$PORTS" -z "$SET" -f /usr/local/etc/poudriere.d/$JAIL-$PORTS-$SET-pkglist
|
||||
LASTBUILD=$(date +%s)
|
||||
# Cleanup old unused dist files
|
||||
poudriere distclean -y -p "$PORTS" -f /usr/local/etc/poudriere.d/$JAIL-$PORTS-$SET-pkglist
|
||||
poudriere logclean -y 180
|
||||
fi
|
||||
|
||||
cat > "$TIMES_FILE" <<EOF
|
||||
PORTUPDATE=$PORTUPDATE
|
||||
LASTBUILD=$LASTBUILD
|
||||
EOF
|
||||
)
|
||||
done
|
||||
sleep 300
|
||||
done
|
||||
|
||||
# Re-enable exiting on failed commands
|
||||
set -e
|
||||
|
||||
# Cleanup old unused dist files
|
||||
for conf in /opt/poudriere/build_configs/*; do
|
||||
(
|
||||
source "$conf"
|
||||
poudriere distclean -y -p "$PORTS" -f /usr/local/etc/poudriere.d/$JAIL-$PORTS-$SET-pkglist
|
||||
)
|
||||
done
|
||||
|
||||
poudriere logclean -y 180
|
||||
}
|
||||
|
||||
function cmd_stop {
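Review bot: `source "$TIMES_FILE"` in `cmd_start` executes the state file as shell code, so anyone who can write under `$INFO_DIR` (which the `: ${INFO_DIR:=...}` default lets the environment override) gets code execution as whatever user runs this loop. The file only ever holds two integers, so it can be parsed rather than sourced, accepting only digits for `PORTUPDATE` and `LASTBUILD` as in the block below. Separately, `run_locked` expands `$LOCKFILE $0 $@` unquoted; `"$LOCKFILE" "$0" "$@"` keeps empty arguments intact and avoids globbing. The body of `cmd_stop` continues outside the hunk.

```bash
# … unchanged: RUN_DIR/TIMES_FILE setup, PORTUPDATE=0, LASTBUILD=0 …
if [ -e "$TIMES_FILE" ]; then
    # Parse the two counters instead of sourcing the file, so its
    # contents are never executed as shell code.
    local key value
    while IFS='=' read -r key value; do
        [[ "$value" =~ ^[0-9]+$ ]] || continue
        case "$key" in
            PORTUPDATE) PORTUPDATE="$value" ;;
            LASTBUILD) LASTBUILD="$value" ;;
        esac
    done < "$TIMES_FILE"
fi
# … unchanged: port update, build, and writing $TIMES_FILE …
```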
|
||||
|
@ -67,3 +67,6 @@ _carddavs._tcp IN SRV 0 1 443 carddav.fastmail.com
|
||||
|
||||
_caldav._tcp IN SRV 0 0 0 .
|
||||
_caldavs._tcp IN SRV 0 1 443 caldav.fastmail.com
|
||||
|
||||
home IN A 68.197.252.22
|
||||
opstunnel IN CNAME home.fizz.buzz.
|
||||
|
@ -6,6 +6,6 @@ IFS=$'\n\t'
|
||||
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
|
||||
|
||||
export XDG_CURRENT_DESKTOP=sway
|
||||
#export WLR_RENDERER=vulkan
|
||||
export WLR_RENDERER=vulkan
|
||||
|
||||
exec sway -d &> $HOME/.config/swaylog
|
||||
|